From da090bdece2b6141692099633a0af3d915d3d63b Mon Sep 17 00:00:00 2001 From: "Matt Moore (via Sockpuppet)" Date: Tue, 13 Oct 2020 13:16:52 +0000 Subject: [PATCH] Update common github actions Signed-off-by: Matt Moore (via Sockpuppet) --- .github/workflows/knative-boilerplate.yaml | 96 +++++++ .github/workflows/knative-donotsubmit.yaml | 61 +++++ .github/workflows/knative-go-build.yaml | 59 +++++ .github/workflows/knative-go-test.yaml | 65 +++++ .github/workflows/knative-security.yaml | 52 ++++ .github/workflows/knative-stale.yaml | 49 ++++ .github/workflows/knative-style.yaml | 278 +++++++++++++++++++++ .github/workflows/knative-verify.yaml | 86 +++++++ 8 files changed, 746 insertions(+) create mode 100644 .github/workflows/knative-boilerplate.yaml create mode 100644 .github/workflows/knative-donotsubmit.yaml create mode 100644 .github/workflows/knative-go-build.yaml create mode 100644 .github/workflows/knative-go-test.yaml create mode 100644 .github/workflows/knative-security.yaml create mode 100644 .github/workflows/knative-stale.yaml create mode 100644 .github/workflows/knative-style.yaml create mode 100644 .github/workflows/knative-verify.yaml diff --git a/.github/workflows/knative-boilerplate.yaml b/.github/workflows/knative-boilerplate.yaml new file mode 100644 index 0000000000..b45afcca57 --- /dev/null +++ b/.github/workflows/knative-boilerplate.yaml @@ -0,0 +1,96 @@ +# Copyright 2020 The Knative Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is automagically synced here from github.com/knative-sandbox/.github +# repo by knobots: https://github.com/mattmoor/knobots and will be overwritten. + +name: Boilerplate + +on: + pull_request: + branches: [ 'master', 'release-*' ] + +jobs: + + check: + name: Boilerplate Check + runs-on: ubuntu-latest + strategy: + fail-fast: false # Keep running if one leg fails. + matrix: + extension: + - go + - sh + + # Map between extension and human-readable name. + include: + - extension: go + language: Go + - extension: sh + language: Bash + + steps: + + - name: Set up Go 1.15.x + uses: actions/setup-go@v2 + with: + go-version: 1.15.x + id: go + + - name: Check out code + uses: actions/checkout@v2 + + - name: Install Tools + run: | + TEMP_PATH="$(mktemp -d)" + cd $TEMP_PATH + + echo '::group::🐶 Installing reviewdog ... https://github.com/reviewdog/reviewdog' + curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b "${TEMP_PATH}" 2>&1 + echo '::endgroup::' + + echo '::group:: Installing boilerplate-check ... https://github.com/mattmoor/boilerplate-check' + go get github.com/mattmoor/boilerplate-check/cmd/boilerplate-check + echo '::endgroup::' + + echo "${TEMP_PATH}" >> $GITHUB_PATH + + - id: boilerplate_txt + uses: andstor/file-existence-action@v1 + with: + files: ./hack/boilerplate/boilerplate.${{ matrix.extension }}.txt + - name: ${{ matrix.language }} license boilerplate + shell: bash + if: ${{ steps.boilerplate_txt.outputs.files_exists == 'true' }} + env: + REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} + run: | + set -e + cd "${GITHUB_WORKSPACE}" || exit 1 + + echo '::group:: Running github.com/mattmoor/boilerplate-check for ${{ matrix.language }} with reviewdog 🐶 ...' + # Don't fail because of boilerplate-check + set +o pipefail + boilerplate-check check \ + --boilerplate ./hack/boilerplate/boilerplate.${{ matrix.extension }}.txt \ + --file-extension ${{ matrix.extension }} \ + --exclude "(vendor|third_party)/" | + reviewdog -efm="%A%f:%l: %m" \ + -efm="%C%.%#" \ + -name="${{ matrix.language }} headers" \ + -reporter="github-pr-check" \ + -filter-mode="diff_context" \ + -fail-on-error="true" \ + -level="error" + echo '::endgroup::' diff --git a/.github/workflows/knative-donotsubmit.yaml b/.github/workflows/knative-donotsubmit.yaml new file mode 100644 index 0000000000..92a96636ba --- /dev/null +++ b/.github/workflows/knative-donotsubmit.yaml @@ -0,0 +1,61 @@ +# Copyright 2020 The Knative Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is automagically synced here from github.com/knative-sandbox/.github +# repo by knobots: https://github.com/mattmoor/knobots and will be overwritten. + +name: Do Not Submit + +on: + pull_request: + branches: [ 'master', 'release-*' ] + +jobs: + + donotsubmit: + name: Do Not Submit + runs-on: ubuntu-latest + + steps: + - name: Check out code + uses: actions/checkout@v2 + + - name: Do Not Submit + shell: bash + env: + REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} + run: | + set -e + cd "${GITHUB_WORKSPACE}" || exit 1 + + TEMP_PATH="$(mktemp -d)" + PATH="${TEMP_PATH}:$PATH" + + echo '::group::🐶 Installing reviewdog ... https://github.com/reviewdog/reviewdog' + curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b "${TEMP_PATH}" 2>&1 + echo '::endgroup::' + + echo '::group:: Running DO NOT SUBMIT with reviewdog 🐶 ...' + # Don't fail because of grep + set +o pipefail + find . -type f -not -path './vendor/*' -not -path './third_party/*' -not -path './.git/*' -not -path './.github/workflows/*' | + xargs grep -n "DO NOT SUBMIT" | + reviewdog -efm="%f:%l:%m" \ + -name="DO NOT SUBMIT" \ + -reporter="github-pr-check" \ + -filter-mode="added" \ + -fail-on-error="true" \ + -level="error" + + echo '::endgroup::' diff --git a/.github/workflows/knative-go-build.yaml b/.github/workflows/knative-go-build.yaml new file mode 100644 index 0000000000..609551157f --- /dev/null +++ b/.github/workflows/knative-go-build.yaml @@ -0,0 +1,59 @@ +# Copyright 2020 The Knative Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is automagically synced here from github.com/knative-sandbox/.github +# repo by knobots: https://github.com/mattmoor/knobots and will be overwritten. + +name: Build + +on: + pull_request: + branches: [ 'master', 'release-*' ] + +jobs: + + build: + name: Build + strategy: + matrix: + go-version: [1.15.x] + platform: [ubuntu-latest] + + runs-on: ${{ matrix.platform }} + + steps: + + - name: Set up Go ${{ matrix.go-version }} + uses: actions/setup-go@v2 + with: + go-version: ${{ matrix.go-version }} + id: go + + - name: Check out code + uses: actions/checkout@v2 + + - name: Build + run: | + tags="$(grep -I -r '// +build' . | \ + grep -v '^./vendor/' | \ + grep -v '^./hack/' | \ + grep -v '^./third_party' | \ + cut -f3 -d' ' | \ + sort | uniq | \ + grep -v '^!' | \ + tr '\n' ' ')" + + echo "Building with tags: ${tags}" + go test -vet=off -tags "${tags}" -run=^$ ./... | grep -v "no test" || true + diff --git a/.github/workflows/knative-go-test.yaml b/.github/workflows/knative-go-test.yaml new file mode 100644 index 0000000000..8810ba7dbc --- /dev/null +++ b/.github/workflows/knative-go-test.yaml @@ -0,0 +1,65 @@ +# Copyright 2020 The Knative Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is automagically synced here from github.com/knative-sandbox/.github +# repo by knobots: https://github.com/mattmoor/knobots and will be overwritten. + +name: Test + +on: + + push: + branches: [ 'master' ] + + pull_request: + branches: [ 'master', 'release-*' ] + +jobs: + + test: + name: Unit Tests + strategy: + matrix: + go-version: [1.15.x] + platform: [ubuntu-latest] + + runs-on: ${{ matrix.platform }} + + steps: + + - name: Set up Go ${{ matrix.go-version }} + uses: actions/setup-go@v2 + with: + go-version: ${{ matrix.go-version }} + id: go + + - name: Check out code + uses: actions/checkout@v2 + + - name: Check for .codecov.yaml + id: codecov-enabled + uses: andstor/file-existence-action@v1 + with: + files: .codecov.yaml + + - if: steps.codecov-enabled.outputs.files_exists == 'true' + name: Produce Go Coverage + run: echo 'COVER_OPTS=-coverprofile=coverage.txt -covermode=atomic' >> $GITHUB_ENV + + - name: Test + run: go test -race $COVER_OPTS ./... + + - if: steps.codecov-enabled.outputs.files_exists == 'true' + name: Codecov + uses: codecov/codecov-action@v1 diff --git a/.github/workflows/knative-security.yaml b/.github/workflows/knative-security.yaml new file mode 100644 index 0000000000..a5f7703d2b --- /dev/null +++ b/.github/workflows/knative-security.yaml @@ -0,0 +1,52 @@ +# Copyright 2020 The Knative Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is automagically synced here from github.com/knative-sandbox/.github +# repo by knobots: https://github.com/mattmoor/knobots and will be overwritten. + +name: 'Security' + +on: + pull_request: + branches: [ 'master', 'release-*' ] + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + # We must fetch at least the immediate parents so that if this is + # a pull request then we can checkout the head. + fetch-depth: 2 + + # If this run was triggered by a pull request event, then checkout + # the head of the pull request instead of the merge commit. + - run: git checkout HEAD^2 + if: ${{ github.event_name == 'pull_request' }} + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: go + + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows/knative-stale.yaml b/.github/workflows/knative-stale.yaml new file mode 100644 index 0000000000..1b4e4334b1 --- /dev/null +++ b/.github/workflows/knative-stale.yaml @@ -0,0 +1,49 @@ +# Copyright 2020 The Knative Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is automagically synced here from github.com/knative-sandbox/.github +# repo by knobots: https://github.com/mattmoor/knobots and will be overwritten. + +name: 'Close stale' + +on: + schedule: + - cron: '0 1 * * *' + +jobs: + stale: + runs-on: 'ubuntu-latest' + steps: + - uses: 'actions/stale@v3' + with: + repo-token: '${{ secrets.GITHUB_TOKEN }}' # No need to setup + + stale-issue-message: |- + This issue is stale because it has been open for 90 days with no + activity. It will automatically close after 30 more days of + inactivity. Reopen the issue with `/reopen`. Mark the issue as + fresh by adding the comment `/remove-lifecycle stale`. + stale-issue-label: 'lifecycle/stale' + exempt-issue-labels: 'lifecycle/frozen' + + stale-pr-message: |- + This Pull Request is stale because it has been open for 90 days with + no activity. It will automatically close after 30 more days of + inactivity. Reopen with `/reopen`. Mark as fresh by adding the + comment `/remove-lifecycle stale`. + stale-pr-label: 'lifecycle/stale' + exempt-pr-labels: 'lifecycle/frozen' + + days-before-stale: 90 + days-before-close: 30 diff --git a/.github/workflows/knative-style.yaml b/.github/workflows/knative-style.yaml new file mode 100644 index 0000000000..a2603b1e4d --- /dev/null +++ b/.github/workflows/knative-style.yaml @@ -0,0 +1,278 @@ +# Copyright 2020 The Knative Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is automagically synced here from github.com/knative-sandbox/.github +# repo by knobots: https://github.com/mattmoor/knobots and will be overwritten. + +name: Code Style + +on: + pull_request: + branches: [ 'master', 'release-*' ] + +jobs: + + autoformat: + name: Auto-format and Check + runs-on: ubuntu-latest + strategy: + fail-fast: false # Keep running if one leg fails. + matrix: + tool: + - goimports + - gofmt + + include: + - tool: gofmt + options: -s + - tool: goimports + importpath: golang.org/x/tools/cmd/goimports + + steps: + - name: Set up Go 1.15.x + uses: actions/setup-go@v2 + with: + go-version: 1.15.x + id: go + + - name: Check out code + uses: actions/checkout@v2 + + - name: Install Dependencies + if: ${{ matrix.importpath != '' }} + run: | + cd $(mktemp -d) + GO111MODULE=on go get ${{ matrix.importpath }} + + - name: ${{ matrix.tool }} ${{ matrix.options }} + shell: bash + run: | + ${{ matrix.tool }} ${{ matrix.options }} -w $(find . -path './vendor' -prune -o -path './third_party' -prune -o -name '*.pb.go' -prune -o -type f -name '*.go' -print) + + - name: Verify ${{ matrix.tool }} + shell: bash + run: | + # From: https://backreference.org/2009/12/23/how-to-match-newlines-in-sed/ + # This is to leverage this workaround: + # https://github.com/actions/toolkit/issues/193#issuecomment-605394935 + function urlencode() { + sed ':begin;$!N;s/\n/%0A/;tbegin' + } + if [[ $(git diff-index --name-only HEAD --) ]]; then + for x in $(git diff-index --name-only HEAD --); do + echo "::error file=$x::Please run ${{ matrix.tool }} ${{ matrix.options }}.%0A$(git diff $x | urlencode)" + done + echo "${{ github.repository }} is out of style. Please run ${{ matrix.tool }} ${{ matrix.options }}." + exit 1 + fi + echo "${{ github.repository }} is formatted correctly." + + lint: + name: Lint + runs-on: ubuntu-latest + + steps: + - name: Set up Go 1.15.x + uses: actions/setup-go@v2 + with: + go-version: 1.15.x + id: go + + - name: Check out code + uses: actions/checkout@v2 + + - name: Install Tools + run: | + TEMP_PATH="$(mktemp -d)" + cd $TEMP_PATH + + echo '::group::🐶 Installing reviewdog ... https://github.com/reviewdog/reviewdog' + curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b "${TEMP_PATH}" 2>&1 + echo '::endgroup::' + + echo '::group:: Installing misspell ... https://github.com/client9/misspell' + go get github.com/client9/misspell/cmd/misspell + echo '::endgroup::' + + echo '::group:: Installing woke ... https://github.com/get-woke/woke' + curl -sfL https://raw.githubusercontent.com/get-woke/woke/main/install.sh | sh -s -- -b "${TEMP_PATH}" "${WOKE_VERSION}" 2>&1 + echo '::endgroup::' + + echo "${TEMP_PATH}" >> $GITHUB_PATH + + - id: golangci_configuration + uses: andstor/file-existence-action@v1 + with: + files: .golangci.yaml + - name: Go Lint + if: steps.golangci_configuration.outputs.files_exists == 'true' + uses: golangci/golangci-lint-action@v2 + with: + version: v1.30 + + - name: misspell + shell: bash + if: ${{ always() }} + env: + REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} + run: | + set -e + cd "${GITHUB_WORKSPACE}" || exit 1 + + echo '::group:: Running github.com/client9/misspell with reviewdog 🐶 ...' + # Don't fail because of misspell + set +o pipefail + find . -type f -not -path './vendor/*' -not -path './third_party/*' -not -path './.git/*' | + xargs misspell -error | + reviewdog -efm="%f:%l:%c: %m" \ + -name="github.com/client9/misspell" \ + -reporter="github-pr-check" \ + -filter-mode="added" \ + -fail-on-error="true" \ + -level="error" + + echo '::endgroup::' + + - name: trailing whitespace + shell: bash + if: ${{ always() }} + env: + REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} + run: | + set -e + cd "${GITHUB_WORKSPACE}" || exit 1 + + echo '::group:: Flagging trailing whitespace with reviewdog 🐶 ...' + # Don't fail because of grep + set +o pipefail + find . -type f -not -path './vendor/*' -not -path './third_party/*' -not -path './.git/*' | + xargs grep -nE " +$" | + reviewdog -efm="%f:%l:%m" \ + -name="trailing whitespace" \ + -reporter="github-pr-check" \ + -filter-mode="added" \ + -fail-on-error="true" \ + -level="error" + + echo '::endgroup::' + + - name: EOF newline + shell: bash + if: ${{ always() }} + env: + REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} + run: | + set -e + cd "${GITHUB_WORKSPACE}" || exit 1 + + echo '::group:: Flagging missing EOF newlines with reviewdog 🐶 ...' + # Don't fail because of misspell + set +o pipefail + # Lint exclude rule: + # - nothing in vendor/ + # - nothing in third_party + # - nothing in .git/ + # - no *.ai (Adobe Illustrator) files. + for x in $(find . -type f -not -name '*.ai' -not -path './vendor/*' -not -path './third_party/*' -not -path './.git/*'); do + # Based on https://stackoverflow.com/questions/34943632/linux-check-if-there-is-an-empty-line-at-the-end-of-a-file + if [[ -f $x && ! ( -s "$x" && -z "$(tail -c 1 $x)" ) ]]; then + # We add 1 to `wc -l` here because of this limitation (from the man page): + # Characters beyond the final character will not be included in the line count. + echo $x:$((1 + $(wc -l $x | tr -s ' ' | cut -d' ' -f 1))): Missing newline + fi + done | + reviewdog -efm="%f:%l: %m" \ + -name="EOF Newline" \ + -reporter="github-pr-check" \ + -filter-mode="added" \ + -fail-on-error="true" \ + -level="error" + + echo '::endgroup::' + + - name: Redundant Format + shell: bash + if: ${{ always() }} + env: + REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} + run: | + set -e + cd "${GITHUB_WORKSPACE}" || exit 1 + + echo '::group:: Flagging possibly unnecessary format calls for trailing argument with reviewdog 🐶 ...' + # Don't fail because of misspell + set +o pipefail + # For all look for formatting calls and extract the ones that + # have only a single formatting argument and that argument is in the last position. + # But exclude the `fmt.Errorf` calls since there's no `fmt.Error` and `errors.New` is not + # as versatile. + # Also ignore `%T` — to print the type and `%q` to quote the final string. + fn=$(find . -path './vendor' -prune -o -path './third_party' -prune -o -name '*.pb.go' -prune -o -type f -name '*.go' -print) + grep -nE '[^.]+\.(Fatalf|Errorf|Warnf|Infof|Debugf|Logf|Sprintf|Fprintf|Printf)[^\%]+%[^Tqx]",[^,]+' $fn | grep -v "fmt.Errorf" | + while read -r ent ; do + file=$(echo $ent | cut -d':' -f 1); + line=$(echo $ent | cut -d':' -f 2); + ch=$(echo $ent | cut -d':' -f3-); + err="Unknown printer tool, please file an issue in knative-sandbox/.github and assign to @vagababov: $ch" + if echo $ch | grep --quiet -E "^t.(Errorf|Fatalf|Logf)" ; then + err=$(echo $ch | sed -E 's/([^.fm]+t\.)(Fatal|Error|Log)f([^\%]+)( %[^Tq]",)([^,]+)/\1\2\3",\5/') + # Not a test. Here we deal with various loggers and fmt helpers. + elif echo $ch | grep --quiet "log" ; then + # Capture (x)?log(er)?. + err=$(echo $ch | sed -E 's/(.*log.*\.)(Print|Fatal|Error|Info|Warn)f([^\%]+)(%[^Tq]",)([^,]+)/\1\2\3",\5/') + elif echo $ch | grep --quiet -E "fmt\.Sprintf" ; then + # Always space after sprintf + err=$(echo $ch | sed -E 's/(fmt\.)(Sprint)f([^%]+) (%s",)([^,]+)/\1\2\3 ",\5/') + elif echo $ch | grep --quiet -E "fmt\." ; then # all other fmt. printers. + err=$(echo $ch | sed -E 's/(fmt\.)(Print|Fprint)f([^%]+) (%[^sTxq]",)([^,]+)/\1\2\3",\5/') + fi + echo "$file:$line: Please consider avoiding tail format like this:%0A$err" + done | + reviewdog -efm="%f:%l: %m" \ + -name="Redundant Format" \ + -reporter="github-pr-check" \ + -filter-mode="added" \ + -fail-on-error="true" \ + -level="error" + echo '::endgroup::' + + # This is mostly copied from https://github.com/get-woke/woke-action-reviewdog/blob/main/entrypoint.sh + # since their action is not yet released under a stable version. + - name: Language + if: ${{ always() && github.event_name == 'pull_request' }} + shell: bash + env: + REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} + WOKE_VERSION: v0.1.11 + run: | + set -e + cd "${GITHUB_WORKSPACE}" || exit 1 + + # Create a minimal .wokeignore if none already exist. + if [ ! -f .wokeignore ]; then + cat > .wokeignore <